diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -6,6 +6,60 @@
 // DynamoDB
+// User table information, supporting opaque_ke 2.0 and X3DH information
+pub mod opaque2 {
+ // Users can sign in either through username+password or Eth wallet.
+ //
+ // Structure for a user should be:
+ // {
+ // userID: String,
+ // opaqueRegistrationData: Option,
+ // username: Option,
+ // walletAddress: Option,
+ // device: String,
+ // devices: HashMap, {
+ // deviceType: String, # client or keyserver
+ // keyPayload: String,
+ // identityPreKey: String,
+ // identityPreKeySignature: String,
+ // identityOneTimeKeys: Vec,
+ // notifPreKey: String,
+ // notifPreKeySignature: String,
+ // notifOneTimeKeys: Vec,
+ // }
+ // }
+ //
+ // Additional context:
+ // "device" is the signing public identity key of primary device
+ // "devices" uses the signing public identity key of the device as a key for the devices map
+ // "keyPayload" is a JSON encoded string containing identity and notif keys (both signature and verification)
+ // deviceType of keyserver will not have any notif key information
+
+ pub const USERS_TABLE: &str = "identity-users-opaque2";
+ pub const USERS_TABLE_PARTITION_KEY: &str = "userID";
+ pub const USERS_TABLE_REGISTRATION_ATTRIBUTE: &str = "opaqueRegistrationData";
+ pub const USERS_TABLE_USERNAME_ATTRIBUTE: &str = "username";
+ pub const USERS_TABLE_DEVICE_ATTRIBUTE_NAME: &str = "device";
+ pub const USERS_TABLE_DEVICES_ATTRIBUTE: &str = "devices";
+ pub const USERS_TABLE_DEVICES_MAP_KEY_PAYLOAD_ATTRIBUTE_NAME: &str =
+ "keyPayload";
+ pub const USERS_TABLE_DEVICES_MAP_IDENTITY_PREKEY_ATTRIBUTE_NAME: &str =
+ "identityPreKey";
+ pub const USERS_TABLE_DEVICES_MAP_IDENTITY_PREKEY_SIGNATURE_ATTRIBUTE_NAME:
+ &str = "identityPreKeySignature";
+ pub const USERS_TABLE_DEVICES_MAP_IDENTITY_ONETIME_KEYS_ATTRIBUTE_NAME: &str =
+ "identityOneTimeKeys";
+ pub const USERS_TABLE_DEVICES_MAP_NOTIF_PREKEY_ATTRIBUTE_NAME: &str =
+ "preKey";
+ pub const USERS_TABLE_DEVICES_MAP_NOTIF_PREKEY_SIGNATURE_ATTRIBUTE_NAME:
+ &str = "preKeySignature";
+ pub const USERS_TABLE_DEVICES_MAP_NOTIF_ONETIME_KEYS_ATTRIBUTE_NAME: &str =
+ "notifOneTimeKeys";
+ pub const USERS_TABLE_WALLET_ADDRESS_ATTRIBUTE: &str = "walletAddress";
+ pub const USERS_TABLE_USERNAME_INDEX: &str = "username-index";
+ pub const USERS_TABLE_WALLET_ADDRESS_INDEX: &str = "walletAddress-index";
+}
+
 pub const USERS_TABLE: &str = "identity-users";
 pub const USERS_TABLE_PARTITION_KEY: &str = "userID";
 pub const USERS_TABLE_REGISTRATION_ATTRIBUTE: &str = "pakeRegistrationData";
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -6,7 +6,7 @@
 mod client_service;
 mod config;
-mod constants;
+pub mod constants;
 mod database;
 mod interceptor;
 mod keygen;
diff --git a/services/terraform/dynamodb.tf b/services/terraform/dynamodb.tf
--- a/services/terraform/dynamodb.tf
+++ b/services/terraform/dynamodb.tf
@@ -193,6 +193,45 @@
 }
 }
+# Identity users with opaque_ke 2.0 credentials
+resource "aws_dynamodb_table" "identity-users-opaque2" {
+ name = "identity-users-opaque2"
+ hash_key = "userID"
+ write_capacity = 10
+ read_capacity = 10
+
+ attribute {
+ name = "userID"
+ type = "S"
+ }
+
+ attribute {
+ name = "username"
+ type = "S"
+ }
+
+ attribute {
+ name = "walletAddress"
+ type = "S"
+ }
+
+ global_secondary_index {
+ name = "username-index"
+ hash_key = "username"
+ write_capacity = 10
+ read_capacity = 10
+ projection_type = "KEYS_ONLY"
+ }
+
+ global_secondary_index {
+ name = "walletAddress-index"
+ hash_key = "walletAddress"
+ write_capacity = 10
+ read_capacity = 10
+ projection_type = "KEYS_ONLY"
+ }
+}
+
 resource "aws_dynamodb_table" "identity-tokens" {
 name = "identity-tokens"
 hash_key = "userID"
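Review bot: The two notif prekey constants at the end of the new `opaque2` module map to `"preKey"` and `"preKeySignature"`, while the schema comment directly above documents those fields as `notifPreKey`/`notifPreKeySignature` and the sibling identity constants use the prefixed `identityPreKey`/`identityPreKeySignature`. Either the comment or the values is wrong, and whichever code reads and writes the devices map will disagree with the documented layout. Since the table is new, I'd change the values to `&str = "notifPreKey";` and `&str = "notifPreKeySignature";` so the attribute names carry the same prefix as the identity ones and match the comment. The comment describes what `keyPayload` contains but not which party signs it or where that signature is verified before a device entry is written; one sentence on that would make the schema comment self-contained for the next reader.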
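Review bot: `pub mod constants;` in what looks like a binary crate's `main.rs` does not make the module reachable from any other crate, so the visibility change reads as either a leftover or an attempt to quiet unused-item warnings for the new `opaque2` constants, which nothing in this diff references. If it is the latter, `#[allow(dead_code)]` on the module states that intent explicitly; if another target is meant to share these constants, that needs a library target rather than `pub` here. The `mod` list continues outside the hunk.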
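Review bot: The new `identity-users-opaque2` table will hold OPAQUE registration records and per-device prekey material, but the resource sets neither a `server_side_encryption` nor a `point_in_time_recovery` block; DynamoDB encrypts at rest by default with an AWS-owned key, so this is a question of key ownership and recoverability rather than plaintext exposure, and if the other tables in this file set those blocks the new one should match them. The `username` and `walletAddress` GSIs are `KEYS_ONLY`, which fits a lookup index, and since the Rust comment documents both attributes as optional the indexes will simply be sparse for users without them. The 10/10 provisioned capacities are repeated three times; if the file uses variables for capacity elsewhere, these should too.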